Employee error often puts sensitive data at risk and into the wrong hands.

But that’s far from the whole story about how consumers’ confidential data gets into the wrong hands. Research shows employee error puts sensitive data at risk far more often.

Verizon data security experts analyzed more than 47,000 data “security incidents” in 2012. In these incidents, the exposure of this sensitive data didn’t necessarily involve crime or result in monetary losses.

Threats caused by malware and “misuse”—which covers employees’ violations of data-use policies—tied for second, at 20%.

All credit unions implement various network security measures to protect data against high-tech attacks. But employees also can protect members’ sensitive data with these four measures:

1. Double-checkthe destination of emails or fax numbers before hitting “send.” Anytime you’re corresponding with a member or third-party vendor that involves sensitive data, first check your credit union’s information security policies to determine if they permit transmitting members’ confidential data in
these ways. If so, best practices recommend you send only encrypted data.

Laptops are a major target for thieves. Whenever possible, don’t take a laptop containing members’ confidential data out of the office. If you must, don’t leave the laptop in plain sight in your car, unattended in a coffee shop or library, or in other situations that invite theft.

Member data saved to thumb drives, CDs, or other portable media presents a huge risk. That’s why some credit unions lock down the USB ports and CD/DVD drives on their workstations.

If you have the ability to save member data to external memory devices, don’t lose track of them. Delete the data or destroy the disk as soon as you’ve transferred
the data to its destination.

4. Beware of targeted phishing attacks. As a financial services employee, you’re at greater risk than the general public for phishing schemes.

One common phishing attack tricks you into opening an infected email attachment or clicking on a link to an infected website. This automatically installs malicious software (malware) on your work computer, possibly creating a back door into your credit union’s network.

Criminals search social networks such as LinkedIn to discover employers, job titles, and email addresses, and generally send phishing emails to a specific group of employees at a credit union—a tactic called “spear phishing.”

Be careful about any email that contains a link or file, even if the email appears to be from a professional organization or social network to which you belong. Your credit union might have an acceptable use policy prohibiting employees from using credit union-owned computers for personal purposes, including surfing the Internet and/or checking personal email.

These four measures cover only some of the employee-related data security exposures. Your security policies undoubtedly cover current scenarios. Your best protection is understanding your policies, being aware of how you interact with members’ data, and guarding against errors and targeted scams.